Re: [ALERT!!!] Major back door in AScii PFiles!!!

From: Sammy (samedi@DHC.NET)
Date: 01/28/98


On Tue, 27 Jan 1998, Chris Jacobson wrote:

> Attention ANYONE WHO USES ASCII PFILES!
>
> A major back door has just been found.  It was exploited on my MUD, I
> finally discovered how it was done.
>
> Using this bug a player can take control of the MUD totally, wipe the imm
> char and replace it with their own version.

Player idnum can't be hacked, because it comes after the description and
is always present.  Level could be hacked by a level 0 player, but you
could fix that easily enough by making level always save.

A lot of simple solutions have been mentioned.  I think I fixed this in my
copy long ago and forgot about it, because it works ok for me.
Personally, I'd just hack string_add to make ~ a terminator along with @.
Then you get the added benefit of protection against clever builders who
put ~'s in mob/obj/room descriptions to break world files and keep the mud
from booting.

Sam
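
The fix suggested in the message above, treating `~` as an editor terminator alongside `@`, could look like the following. This is an added example, not part of the original post and not CircleMUD's `string_add`; the function names, `MAX_DESC` and the sample input are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DESC 256   /* assumed buffer limit for this example */

/* Cut `line` at the first '@' or '~'. Returns 1 if a terminator was
 * found (the editor should stop), 0 otherwise. */
static int cut_at_terminator(char *line)
{
    size_t n = strcspn(line, "@~");
    if (line[n] == '\0')
        return 0;
    line[n] = '\0';
    return 1;
}

/* Feed editor input lines into `desc` until a terminator is seen or
 * the buffer is full. Returns the number of input lines consumed. */
static size_t edit_description(char *desc, size_t size,
                               const char *const *input, size_t count)
{
    size_t used = 0, i;
    desc[0] = '\0';
    for (i = 0; i < count; i++) {
        char line[MAX_DESC];
        snprintf(line, sizeof line, "%s", input[i]);
        int done = cut_at_terminator(line);
        if (used + strlen(line) + 2 > size)   /* text + '\n' + NUL */
            return i;                         /* full: drop this line */
        if (line[0] || !done)                 /* skip a bare terminator */
            used += (size_t)sprintf(desc + used, "%s\n", line);
        if (done)
            return i + 1;
    }
    return count;
}

/* Constructed input: a '~' line followed by text meant to be read as a field. */
static const char *const sample[] = {
    "A tall figure in a grey cloak.", "~", "Field: value", "@",
};

int main(void)
{
    char desc[MAX_DESC];
    size_t n = edit_description(desc, sizeof desc, sample, 4);
    printf("consumed %zu lines, stored:\n%s", n, desc);
    return strchr(desc, '~') != NULL;   /* exit 0: no tilde was stored */
}
```

Editing ends at the `~` line, so nothing after it reaches the stored description and the saved text never contains a tilde.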


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+


